CVE-2026-2953

Source
https://cve.org/CVERecord?id=CVE-2026-2953
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2953.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2953
Published
2026-02-22T14:02:15.375Z
Modified
2026-07-15T01:49:05.945407956Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal
Details

A vulnerability has been found in Dromara UJCMS 101.2. This issue affects the function deleteDirectory of the file WebFileTemplateController.delete of the component Template Handler. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "cna_assigner": "VulDB",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/2xxx/CVE-2026-2953.json",
    "cwe_ids": [
        "CWE-22"
    ],
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "101.2"
                },
                {
                    "last_affected": "101.2"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/dromara/ujcms

Affected ranges

Type
GIT
Repo
https://github.com/dromara/ujcms
Events
Database specific
{
    "cpe": "cpe:2.3:a:ujcms:ujcms:10.1.2:*:*:*:*:*:*:*",
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "10.1.2"
        },
        {
            "last_affected": "10.1.2"
        }
    ]
}

Affected versions

10.*
10.1.2
v10.*
v10.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2953.json"